Introduction to Mobile Browser Malware
Rapid7, a cloud security company, has reported a new malware threat this October. The bug affects six different browsers, including Opera, Yandex, and Apple Safari. It also exposes less-common browsers such as Bolt Browser and UC Browser to security risks.
This Safari bug works by address-bar spoofing, which is different from IP address spoofing. IP address spoofing frequently occurs in denial-of-service attacks. Bad actors use denial-of-service, or DoS, attacks to make machines or network resources unavailable to users. The DoS attack overwhelms the targeted machine or network with false requests so that it cannot serve legitimate ones. DoS attacks most frequently target banks and payment gateways.
Tod Beardsley, Rapid7’s research director, noted in a blog post that mobile browsers can be especially vulnerable to address-bar malware attacks. Smartphone users rely on their web browsers to access sensitive personal information, but there is little to no way of validating the source of a notification because that source begins and ends with the URL that’s in the address bar.
Mr. Beardsley describes the issue as an exploitation of JavaScript. Developers have been aware of this vulnerability type since 2016. The Safari bug works by slipping in during the lag time between a page loading and the browser refreshing the address bar. It can then produce a pop-up or content that appears to come from a legitimate website but is actually from a malicious source. This is similar to phishing emails that contain links that, once clicked, can expose your machine to viruses. With address-bar spoofing bugs, attackers can create a malicious website and send the harmful URL via text, email, and even social media.
Users should follow standard IT safety protocols to protect themselves: update your browser and remain alert while browsing on your phone. Mr. Beardsley observed that similar bugs have affected desktop browsers as well. For example, Safari on macOS Big Sur was impacted by the same issue a few days ago. It has since been fixed.
Browser developers are currently working on fixing the problem, and some already have a fix in place. Opera and Apple were among the quickest to respond to the vulnerabilities and provide a solution. Mr. Beardsley cautions users of less-common browsers to either leave a comment in their app store requesting a patch or consider switching to a more popular (and better supported) browser. Alerting a browser developer about a vulnerability can encourage them to respond more quickly to malware next time, but it's still good to play it safe.